Universal Access To All Knowledge
Home Donate | Store | Blog | FAQ | Jobs | Volunteer Positions | Contact | Bios | Forums | Projects | Terms, Privacy, & Copyright
Search: Advanced Search
Anonymous User (login or join us)
Upload

Reply to this post | Go Back
View Post [edit]

Poster: 0 Date: Aug 3, 2002 3:23pm
Forum: general Subject: security with php


if users can post materials taht will go through the php processor, I believe this is a large security hole.

I suggest you think about forum and review entries and where these submissions might be able to get processed on the server.

-brewster

Reply to this post
Reply [edit]

Poster: 0 Date: Aug 3, 2002 11:51pm
Forum: general Subject: Re: security with php

I'm not sure I know what you mean? What types of things might people be able to post that are security problems? Nothing submitted by users ever gets "executed", only viewed... An example might help clarify this for me

Reply to this post
Reply [edit]

Poster: 0 Date: Aug 4, 2002 12:37am
Forum: general Subject: Re: security with php

ubbthreads went to great length to make it so that user posts would not go through the php processor. I dont know if iathreads has this issue.

can someone post some text that is expanded on the page and then go through php processor on apache? if not, then it is moot.

-brewster

Reply to this post
Reply [edit]

Poster: 0 Date: Aug 4, 2002 12:49am
Forum: general Subject: Re: security with php

let's see... i'm trying to be sneaky. if i'm successful then we have a security hole and you should see a lot of info about the server below:

Reply to this post
Reply [edit]

Poster: 0 Date: Aug 4, 2002 12:51am
Forum: general Subject: Re: security with php

doesn't seem to have been a problem. php commands are not executed because they are not brought in in the usual manner. however, i'm no security expert, and i'd like to have someone who knows more try to hack the system.